Sending a password reset link for PHP added WordPress users

Blog

Sometimes you need to create users in WordPress with PHP code, be it because you’re importing users, or because you want to let one user add other users. When you do this you want the new users to be able to reset their password.

At first I thougth to use a password reset link, to the password reset page in WordPress, but this is not very user friendly:

  1. The user has to enter his username or email address
  2. The user will receive a resetmail with a link.
  3. After clicking it, the user can reset the password.

It would be much better if we could directly send the resetlink that leads to the third step. To do this we need to create a password reset key, which is only temporarily valid.

The code below generates such an email.

function dtc_send_password_reset_mail($user_id){

    $user = get_user_by('id', $user_id);
    $firstname = $user->first_name;
    $email = $user->user_email;
    $adt_rp_key = get_password_reset_key( $user );
    $user_login = $user->user_login;
    $rp_link = '<a href="' . wp_login_url()."/resetpass/?key=$adt_rp_key&login=" . rawurlencode($user_login) . '">' . wp_login_url()."/resetpass/?key=$adt_rp_key&login=" . rawurlencode($user_login) . '</a>';

    if ($firstname == "") $firstname = "gebruiker";
    $message = "Hi ".$firstname.",<br>";
    $message .= "An account has been created on ".get_bloginfo( 'name' )." for email address ".$email."<br>";
    $message .= "Click here to set the password for your account: <br>";
    $message .= $rp_link.'<br>';

    //deze functie moet je zelf nog toevoegen. 
   $subject = __("Your account on ".get_bloginfo( 'name'));
   $headers = array();

   add_filter( 'wp_mail_content_type', function( $content_type ) {return 'text/html';});
   $headers[] = 'From: Your company name <info@your-domain.com>'."\r\n";
   wp_mail( $email, $subject, $message, $headers) === false);

   // Reset content-type to avoid conflicts -- http://core.trac.wordpress.org/ticket/23578
   remove_filter( 'wp_mail_content_type', 'set_html_content_type' );
}

Usage: this function should be called in the function which creates the user

For example, if you want a user to create other users, clicking a link could call this function, which creates a user based on email address, and optionally, firstname and lastname. The last step in this function calls the reset password function:

function dtc_create_user($email, $firstname='', $lastname=''){
    $user_name = $email;
    
    //check if the email is not in use yet
    if (!email_exists($email)) {
        $random_password = wp_generate_password(16);
        //create the user 
        $user_id = wp_create_user($user_name, $random_password, $email);
        if (!is_wp_error($user_id)) {
            
            //Not required: update user with details, role, firstname, lastname. 
            $userdata = array(
                "ID" => $user_id,
                "first_name" => $firstname,
                "last_name" => $lastname,
                "role" => "subscriber",
            );
            $user_id = wp_update_user($userdata);
            
            //send password reset to user. 
            dtc_send_password_reset_mail($user_id);
            
        }

    }
}

2 thoughts on “Sending a password reset link for PHP added WordPress users

  1. Excellent article. Can you tell me how/when we need to fire the function dtc_send_password_reset_mail() for password reset.

    1. Sure. I have updated the article with a function which creates a user, then calls the password reset link function

Leave a Reply

Your email address will not be published. Required fields are marked *

×